> For the complete documentation index, see [llms.txt](https://docs.tonic.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tonic.ai/app/workspace/workspace-configuration-settings/data-connection-settings/using-a-connection-tunneling-option/connecting-through-tailscale.md).

# Connecting through Tailscale

[Tailscale](https://tailscale.com/blog/how-tailscale-works) is a managed virtual private network (VPN). It creates a private mesh network called a tailnet.

Every device on the tailnet then receives a stable private IP address, and can communicate directly to every other device.

## Enabling the connection from Structural <a href="#tailscale-enable-connection" id="tailscale-enable-connection"></a>

To allow Tonic Structural to reach a database through Tailscale, you:

1. Add the database server as a node on your tailnet, either directly or behind a subnet router.
2. Provide Structural with:
   1. An OAuth client credential.
   2. The access control list (ACL) tags for Structural to advertise when it joins the tailnet. Your tailnet ACL policy must allow those tags to reach the database's IP address and port.

## Configuring Tailscale tunneling

From the workspace configuration, to connect through Tailscale:

1. If the connector supports multiple tunneling options:

   1. Toggle **Enable Connection Tunnel** to the on position.
   2. From the **Tunnel type** dropdown list, select **Tailscale Tunnel**.

   If the data connector only supports Tailscale tunneling, then it is selected automatically.
2. In the **Tags** field, provide a comma-separated list of ACL tags to use to join the tailnet. For example, `tag:tonic-worker`.
3. Optionally, in the **Control Server URL** field, provide the URL. This is intended for customers who use Headscale or a self-hosted Tailscale control plane.
4. In the **Tailscale Auth Key** field, provide a Tailscale OAuth client credential. Structural does not support other types of Tailscale keys, such as user auth keys.\
   \
   You create the credential from the [OAuth clients](https://tailscale.com/docs/features/oauth-clients) page in your Tailscale admin console.\
   \
   If secrets managers are available, you can instead [select a secret name from a secrets manager](/app/workspace/workspace-configuration-settings/secrets-manager/selecting-a-secrets-manager-secret.md).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.tonic.ai/app/workspace/workspace-configuration-settings/data-connection-settings/using-a-connection-tunneling-option/connecting-through-tailscale.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.